Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-developers-owner AT cygwin DOT com Delivered-To: mailing list cygwin-developers AT cygwin DOT com Message-Id: <3.0.5.32.20021022220428.0082e750@h00207811519c.ne.client2.attbi.com> X-Sender: pierre AT h00207811519c DOT ne DOT client2 DOT attbi DOT com Date: Tue, 22 Oct 2002 22:04:28 -0400 To: cygwin-developers AT cygwin DOT com From: "Pierre A. Humblet" Subject: Re: Shell scripts [was Re: Avoiding /etc/passwd and /etc/group scans] In-Reply-To: <20021023012619.GB24001@redhat.com> References: <3 DOT 0 DOT 5 DOT 32 DOT 20021022210518 DOT 008282a0 AT mail DOT attbi DOT com> <20021022181947 DOT GA4729 AT redhat DOT com> <3DB5A076 DOT ABAFF076 AT ieee DOT org> <20021022191217 DOT GD4828 AT redhat DOT com> <3DB5AB53 DOT B434ED90 AT ieee DOT org> <20021022202004 DOT GA6995 AT redhat DOT com> <20021022203300 DOT GC6429 AT redhat DOT com> <3DB5BC04 DOT CD6587CB AT ieee DOT org> <20021022212028 DOT GG6429 AT redhat DOT com> <3DB5C3C4 DOT F57CE7B0 AT ieee DOT org> <3 DOT 0 DOT 5 DOT 32 DOT 20021022210518 DOT 008282a0 AT mail DOT attbi DOT com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" At 09:26 PM 10/22/2002 -0400, Christopher Faylor wrote: >>All your changes in fhandler_disk_file.cc are in the branch with >>get_file_attribute () != 0, Thus they do not apply to successful calls >>with ntsec. > >No, they're not. Oops. Now that I look at the source and not the web diff it's obvious. >We've made ntsec the default but there are possibly a number of people >out there who have never done a 'chmod a+x foo' on their shell scripts. >Until we have a consistent story on how to solve their problems, I think >it makes sense to make '#!' always executable. OK, it hits me hard. I have thought too much about the sids mapping issue. >I'm willing to be swayed on this but, so far, it doesn't seem like anyone >is effectively communicating with anyone else here. We need to get on >the same page wrt the problems and how we are going to solve them. That's a tough one. I see 3 possible ways: 1) Your current way. Magic => executable. Convenient but chmod is broken and big break with Unix. 2) use another CYGWIN= variable, to make that feature optional. 3) use nontsec if you are not willing to 'chmod a+x foo' I think I would vote for 3. I would also distribute a script or a program to chmod all scripts in a tree. Under user control, not from setup. Also, you have buf->st_mode |= STD_XBITS; so there will be x bits even when it isn't readable. That can be improved easily, for 1 or 2 or the script. Pierre